Privacy Policy

Last updated: April 2026

SprintFlow ("we", "us", or "our") operates getsprintflow.co. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

We collect the following types of information:

• Account information: Your name, email address, and password when you create an account.
• Organization information: Your organization name and team member details.
• Usage data: Sprint sessions, user stories, votes, and story point assignments created in the app.
• Payment information: Billing is handled by Paddle (our Merchant of Record). We do not store credit card details directly.
• Technical data: IP address, browser type, and access logs for security and debugging purposes.

2. How We Use Your Information

• To provide and operate the SprintFlow service
• To send transactional emails (verification, password reset, team invites)
• To process subscription billing through Paddle
• To improve the product based on usage patterns
• To communicate service updates and important notices

3. Data Sharing

We do not sell your personal data. We share data only with:

• Paddle: Our payment processor and Merchant of Record, for billing and subscription management.
• Resend: Our email delivery provider, for sending transactional emails.
• Render.com: Our hosting provider, where your data is stored.
• Anthropic (Phase 3): For AI task generation features, user story text may be sent to the Claude API. No personal data is included.

4. Data Security

We use industry-standard security measures including HTTPS encryption, hashed passwords (PBKDF2 + SHA256), and organization-scoped data isolation. Your data is isolated from other organizations and cannot be accessed by other tenants.

5. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days before permanent deletion, giving you time to export your sprint history.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your sprint data in Excel format

To exercise any of these rights, email us at privacy@getsprintflow.co.

7. Cookies

We use session cookies to keep you logged in. We do not use third-party tracking or advertising cookies.

8. Children's Privacy

SprintFlow is a B2B tool intended for professional use. We do not knowingly collect data from individuals under 16 years of age.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes.

10. Contact Us

For any privacy-related questions, contact us at privacy@getsprintflow.co.